Wild Frog Consulting

10/30/2025

Cyber Security Tip: Don’t just throw out that old computer or device!

Getting rid of old computers? Did you know that the components used in technology equipment are not landfill-safe? On top of the environmental hazards, unprotected e-waste typically contains a lot of confidential and private information in the form of saved passwords, Internet history and files left on the retired computer or server.

As a first prevention step, find a local recycling facility where e-waste can be safely disposed of. And make sure to take the following #1 security precaution before you haul it off: remove and destroy the hard drives.

We were recently contacted by an IT director who was desperate to find out if there was a way to remotely wipe hard drives after he found three of his company’s old computers on eBay. He found out the hard way: do not allow the recycling company to “destroy” the drive for you.

As a courtesy to our clients, we are glad to pick up and ensure your e-waste is recycled properly! Of course, before handing off the e-waste we remove the hard drives and render them unreadable. Just let us know and we’ll pick up your old hardware and make sure it’s properly recycled.

Don’t forget other e-waste such as mobile phones, copy machines and any other device that ever touched your company data. Give serious thought to what data is on any device before you recycle it.

Have questions about cybersecurity or some other IT-related issues? Call us at 614-218-8798

10/23/2025

If you installed it, you must update it!

There are thousands of hackers who get up every morning with ONE goal in mind: to find a new vulnerability in a commonly installed software (like Adobe products, Microsoft Office, Chrome, QuickBooks, etc.) to gain access to MILLIONS of their users.

That’s why software companies frequently issue patches and updates for KNOWN security flaws, and once a KNOWN vulnerability is announced via a patch, hackers get to work like crazy trying to figure out how to use the vulnerability and access those users who are lazy about installing updates. That’s why it’s important to update installed software programs as soon as possible.

Of course, if you’re a client of ours, we’re monitoring your network for these updates and automating the process, but your home computers, smartphone and other devices that may NOT be under our protection will require you to be diligent about updates and patches.

10/16/2025

The #1 threat to your security is. . .YOU!

And your employees. Like it or not, human beings are our own worst enemies online, inviting hackers, viruses, data breaches, data loss, etc., through the seemingly innocent actions taken every day online. In most cases, this is done without malicious intent – but if you as a manager or owner aren’t monitoring what websites your employees are visiting, what files they’re sending and receiving, and even what they’re posting in company e-mail, you could be opening yourself up to a world of hurt.

That’s because employees’ actions can subject the company they work for to monetary loss, civil lawsuits, data theft and even criminal charges if they involve disclosure of confidential client/patient information.

Two things you can do: One, create an Acceptable Use Policy (AUP) to outline what employees can and cannot do with work devices, e-mail, data and Internet. That way they know how to play safe. Second, implement ongoing training (like these tips!) to keep security top of mind. We can also run phishing security tests and score your employees. That will truly show if they know how to spot a suspicious e-mail and will make them realize how easy it is to be duped.

Have questions about cybersecurity training, setting up an AUP,
or some other IT-related issues? Call us at 614-218-8798

10/09/2025

Think MFA Alone Will Keep Your Account Safe? Think again!

I’m sure by now you’ve heard a thousand times from IT folks like me extolling the virtues of Multifactor Authentication (MFA).You’ve probably heard that it prevents 99% of account compromises - which is true. So if you have MFA on your account, you must be all set. If only that were so.

Bad guys are REALLY good at what they do. They’ve seen people start adopting MFA and have been working hard on ways around it. Enter MFA session token theft. How does that work? Well. . .glad you asked.

Recently, one of our friends had their Microsoft 365 account compromised. They had MFA enabled and enforced on their account, yet the bad guys were still able to get in. They did so by getting my friend to fall for a phishing email where he entered his account information - including his MFA code. This allowed the bad guys to access a small piece of software the browser stores called a session token. Session tokens are what makes it so you don’t have to keep logging in every time you do something on a web account. With the username, password, and MFA session token the bad guys had all they needed to access my friend’s account - even though MFA was enabled.

So how do you prevent this?

1 - Look skeptically at EVERY email. When I talked to my friend, he said he normally calls the sender if he suspects anything, but he didn’t this one time.

2 - If your IT team provides you with security awareness training, take it seriously. Being educated on the latest tricks and scams is the single best way to avoid falling for a phishing email.

3 - If you suspect you got tricked, notifiy your IT team IMMEDIATELY. In the case above, my friend alerted us right away and we booted the bad guys out, reset his password, and reset his MFA. As a result, we were able to keep the impacts to a minimum.

Anyone can get tricked. So it’s critical you do all you can to arm yourself with the knowledge to keep you and your company safe.

10/01/2021

Today is the start of Cybersecurity Awareness Month. So how about a real-life IMMEDIATE story. About half an hour ago I just sat down to lunch and a client texts me that 3 of their employees just walked out. Within 5 minutes of that text -
- All the now-former employees' entry fobs had been disabled
- Their VPN & server access was disabled
- Deactivated from the company Slack
- Microsoft 365 passwords changed and all their sessions forcibly logged out.
- And had their computers not been secured upon their departure, a MDM command locking the company-owned devices would have been initiated.

This is possible because there were processes in place to handle these types of events. When an employee leaves, it's absolutely critical that their access be disabled as well - and as quickly as possible. Too often when we engage with new clients, we find that long-terminated employees still have server, VPN, email, etc accounts that are still active. I tell clients all the time, that no one is disgruntled - until they're disgruntled. And putting out fires caused by former employees abusing access that wasn't disabled on their departure is the worst way to find out what someone is capable of.

Please. . .take a few minutes and look to see who has access to your server, VPN, Microsoft/Google environment, etc and disable any accounts that no longer belong.

10/01/2021

When you implement a security solution or process only so you can check a box on some form, it’s really unlikely to provide any real protection. If anything it’ll just give a false sense of security.

09/30/2021

Have you been putting off implementing any cybersecurity measures? Next month starts tomorrow - and October is Cybersecurity Awareness Month. So buckle up! Throughout the month, we’re going to be dishing out helpful information so you can better protect yourself and your business.

09/22/2021

09/08/2021

I saw this on my 9 year old’s door one day and it taught me don’t forget who you are & what you’re about - even if you need reminded once in a while. And don't be afraid to tell other people.

I mean she is fun and she is very cool.